Israel Hacked Kaspersky, Then Tipped The NSA That Its Tools Had Been Breached

In 2015, Israeli government hackers saw something suspicious in the computers of a
Moscow-based cybersecurity firm: hacking tools that could only have come from
the National Security Agency.

Israel notified the NSA, where alarmed officials
immediately began a hunt for the breach, according to individuals familiar with
the matter, who said an investigation by the agency revealed that the tools
were in the possession of the Russian government.

Israeli spies had found the hacking material on
the network of Kaspersky Lab, the global antivirus firm, now under a spotlight
in the United States because of suspicions its products facilitate Russian
espionage.

Last month, the Department of Homeland Security instructed federal civilian agencies
to identify Kaspersky Lab software on their networks and remove it, on the
grounds that "the Russian government, whether acting on its own or in
collaboration with Kaspersky, could capitalize on access provided by Kaspersky
products to compromise federal information and information systems directly
implicates U.S. national security." The directive followed a decision by
the General Services Administration to remove Kaspersky from its list of
approved vendors. And lawmakers on Capitol Hill are considering a
government-wide ban.

The NSA declined to comment on the Israeli
discovery, which was first reported by The New York Times.

Kaspersky spokeswoman Sarah Kitsos said that
"as a private company, Kaspersky Lab does not have inappropriate ties to
any government, including Russia, and the only conclusion seems to be that
Kaspersky Lab is caught in the middle of a geopolitical fight." She said
the company "does not possess any knowledge" of Israel's hack.

The firm's founder, Eugene Kaspersky, said in a
blog post last week that his antivirus software is supposed to find malware
from all quarters.

"We absolutely and aggressively detect and
clean malware infections no matter the source," he wrote, suggesting that
the NSA hacking tools could have been picked up as malware by the antivirus
program.

In the 2015 case, investigators at the NSA
examining how the Russians obtained the material eventually narrowed their
search to an employee in the agency's elite Tailored Access Operations division
- hackers that collect intelligence about foreign targets. The employee was
using Kaspersky antivirus software on his home computer, according to the
individuals familiar with the matter.

The employee, whose name has not been made
public and who is still under investigation by federal prosecutors, did not
intend to pass the material to a foreign adversary. "There wasn't any
malice," said one individual familiar with the case, who like others
interviewed, requested anonymity to discuss an ongoing case. "It's just
that he was trying to complete the mission, and he needed the tools to do
it."

Concerns about Kaspersky have also emerged in
the cybersecurity industry, where some officials say that the firm's software
has been used not just to protect its customers' computers but also as a
platform for espionage.

Over the last several years, the firm has on
occasion used a standard industry technique that detects computer viruses, but
can also be employed to identify information and other data not related to
malware, according to two industry officials, who spoke on condition of
anonymity to discuss sensitive information.

The tool is called "silent signatures"
- detection rules that match on a customer's machine and report the hit back
to the vendor without raising a user-visible alert. The same rule format that
matches a malware pattern could also be written to search computers for
potential classified documents, using key words or acronyms.

"Silent detection is a widely-adopted
cybersecurity industry practice, used to verify malware detections and minimize
false positives," said Kitsos. "It enables cybersecurity vendors to
offer the most up-to-date protection without bothering users with constant
on-screen alerts."
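The following Python is an added illustration of the mechanism described above and in the vendor's reply; it is not Kaspersky's code, and the rule names, patterns and sample files are constructed for this example. A minimal signature engine scans a handful of in-memory files: every rule hit is queued for vendor telemetry, only rules with `silent=False` also produce a user-visible alert, and a rule matching classification markings such as `TOP SECRET//SI` travels through exactly the same code path as a byte-pattern malware rule. The `upload_sample` field, which pulls the matched file back with the report, is likewise an assumption made for illustration.

```python
"""Minimal illustration of 'silent' antivirus signatures.

Constructed example for this page; it is not Kaspersky's code and the rules
are not any vendor's real signatures.  Every rule hit is queued for vendor
telemetry; only rules with silent=False also raise a user-visible alert.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes            # regular expression over the raw file bytes
    silent: bool              # True: report to the vendor only, no on-screen alert
    upload_sample: bool = False  # True: the telemetry record carries the file content


# Public EICAR test string: harmless, detected by most engines (constructed sample).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Hypothetical rule set.  Names and patterns are constructed for illustration.
SIGNATURES: List[Signature] = [
    # An ordinary, noisy detection: the user sees an alert.
    Signature("Trojan.Generic.EICAR", re.escape(EICAR), silent=False),
    # A silent detection used to confirm a suspected pattern without alerting.
    Signature("Suspicious.Dropper.Probe",
              rb"MZ.{0,64}This program cannot be run", silent=True),
    # The same mechanism aimed at document markings instead of malware:
    # silent, and it pulls the whole file back to the vendor.
    Signature("Doc.Marking.TS_SCI", rb"TOP SECRET//SI|TS//SCI|NOFORN",
              silent=True, upload_sample=True),
]


@dataclass
class ScanResult:
    user_alerts: List[dict] = field(default_factory=list)  # what the user sees
    telemetry: List[dict] = field(default_factory=list)    # what the vendor sees


def scan(files: Dict[str, bytes], signatures: List[Signature] = SIGNATURES) -> ScanResult:
    """Apply every signature to every file; route hits by the rule's silent flag."""
    result = ScanResult()
    for path, data in files.items():
        for sig in signatures:
            if re.search(sig.pattern, data, re.DOTALL) is None:
                continue
            record = {"sig": sig.name, "path": path}
            if sig.upload_sample:
                record["sample"] = data
            result.telemetry.append(record)        # every hit reaches the vendor
            if not sig.silent:
                result.user_alerts.append(record)  # only loud rules reach the user
    return result


def silent_hits(result: ScanResult) -> List[dict]:
    """Telemetry records the user was never shown."""
    shown = {(r["sig"], r["path"]) for r in result.user_alerts}
    return [r for r in result.telemetry if (r["sig"], r["path"]) not in shown]


# Constructed sample 'disk': one test virus, one PE stub, one marked document, one clean file.
SAMPLE_FILES: Dict[str, bytes] = {
    "eicar.com": EICAR,
    "tool.exe": b"MZ\x90\x00" + b"\x00" * 40 + b"This program cannot be run in DOS mode",
    "memo.txt": b"Memo\n\nTOP SECRET//SI//NOFORN\n\nProject notes (fictional content).\n",
    "notes.txt": b"Grocery list: eggs, milk, bread\n",
}


if __name__ == "__main__":
    res = scan(SAMPLE_FILES)
    print("user-visible alerts:", [r["sig"] for r in res.user_alerts])
    print("vendor telemetry:   ", [(r["sig"], r["path"], "sample" in r) for r in res.telemetry])
    print("silent hits:        ", [(r["sig"], r["path"]) for r in silent_hits(res)])
```

The point is architectural rather than about any particular rule: nothing in the engine distinguishes a rule hunting malware from one hunting documents, so the only controls a customer has are trust in who writes the rule set, where the telemetry goes, and whether sample upload can be disabled.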

Kaspersky is also the only major antivirus firm
whose data is routed through Russian Internet service providers subject to
Russian surveillance. That surveillance system is known as the SORM, or the
System of Operative Investigative Measures.

Kitsos said that customer data flowing through
its Russian servers is encrypted. She said that the firm does not decrypt it
for the government.

Andrei Soldatov, a Russian surveillance expert
and author of "The Red Web," said, "I would be very, very
skeptical" of the claim that the government cannot read the firm's data.
As an entity that deals with encrypted information, Kaspersky must obtain a
license from the FSB, the country's powerful security service, he noted, which
"means your company is completely transparent" to the FSB.

It is not publicly known how the Russians
obtained the NSA hacking tools in 2015. Some information security analysts have
speculated that the Russians exploited a flaw in Kaspersky software to filch
the material.

But other experts say the Russians would not
need to hack Kaspersky's systems. They say that the material could be picked
up through the country's surveillance regime.

The firm itself is likely to be beholden to the
Kremlin, said Steven Hall, who ran the CIA's Russia operations for 30 years. He
said Kaspersky's line of work is of particular interest to Russian President
Vladimir Putin and, because of the way things work in Russia, Eugene Kaspersky
"knows he's at the mercy of Putin."

"The case against Kaspersky Lab is
overwhelming," said Sen. Jeanne Shaheen, D-N.H., a vocal critic of
Kaspersky who has pushed to remove the company's software from federal
networks. "The strong ties between Kaspersky Lab and the Kremlin are very
alarming."

The federal government increasingly has been
conveying its concerns about Kaspersky to the private sector. Over at least the
past two years, the FBI has notified major companies, including in the energy
and financial sectors, about the risks of using Kaspersky software. The
briefings have elaborated on the risks of espionage, sabotage and supply chain
attacks that could be enabled through use of the software. They also explained
the surveillance law that enables the Russian government to see data coursing
through its domestic pipes.

"That's the crux of the matter," said
one industry official who received the briefing. "Whether Kaspersky is
working directly for the Russian government or not doesn't matter - their Internet
service providers are subject to monitoring. So virtually anything shared with
Kaspersky could become the property of the Russian government."

Late last month, the National Intelligence
Council completed a classified report that it shared with NATO allies
concluding that the FSB had "probable access" to Kaspersky customer
databases and source code. That access, it concluded, could help enable cyber
attacks against U.S. government, commercial and industrial control networks.

Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Web Developer, Student and Mechanical Engineer.